[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Client blocking forever in SSL_connect

At 10:43 AM 12/19/2005, Ralf Haferkamp wrote:
>I ran into a problem where an LDAP Client, that uses SSL/TLS (no matter 
>whether via ldaps or START_TLS) was indefinitely blocking in the 
>SSL_connect() call in libraries/libldap/tls.c.
>As libldap mostly uses blocking IO (as far as I understand), the 
>SSL_connect call also uses blocking IO (according to the openssl docs) 
>and so it can easily block if the server does not reply.
>I am wondering if it is possible to add functionallty to the API that 
>one can use SSL_connect in a non-blocking fashion. For example by 
>setting the underlying socket to non-blocking just before the 
>SSL_connect call and using select with the LDAP_OPT_NETWORK_TIMEOUT 
>timeout value and setting it back to blocking IO after the SSL 
>handshake completed. Similar to what is done in ldap_pvt_connect() in 
>Comments or other suggestions?

What API would you provide to the program to continue the
communication once blocking condition was removed?